VPN Bridge Works in windows but not in Linux!
-
Please Help!
I have set up an OpenVPN bridge and it works great in Windows (XP, Vista, Win7), but it keeps giving me an error in Linux. Any ideas?
Server Conf
# OpenVPN server instance "server1": bridged (layer-2 tap) server on UDP 1194
# with certificate + username/password authentication.

# Layer-2 tap device named ovpns1, backed by /dev/tap1.
dev ovpns1
dev-type tap
dev-node /dev/tap1
writepid /var/run/openvpn_server1.pid
# NOTE(review): the privilege drop is commented out, so the daemon keeps the
# privileges it was started with (presumably root, confirm), and so do the
# up/down/auth/tls-verify scripts it launches.
#user nobody
#group nobody
# Level 3 lets OpenVPN hand passwords to scripts through environment
# variables; it is required by the "via-env" auth-user-pass-verify below.
script-security 3
daemon
# Ping every 10 s, treat the peer as down after 60 s of silence.
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
# Data-channel cipher; the client config must name the same one.
# NOTE(review): CBC mode, not an AEAD cipher. Newer OpenVPN releases
# negotiate AES-GCM instead.
cipher AES-128-CBC
# Scripts run when the tap device comes up / goes down.
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
# Bind to the public address only.
local 74.91.109.99
engine cryptodev
tls-server
mode server
# Index clients by the authenticated username rather than the certificate CN.
username-as-common-name
# Username/password check by an external script. "via-env" places the
# password in the script's environment, which may be readable by other
# local processes on some platforms; "via-file" avoids that.
auth-user-pass-verify /var/etc/openvpn/server1.php via-env
# Script invoked for each certificate in the client's chain.
tls-verify /var/etc/openvpn/server1.tls-verify.php
lport 1194
# Management interface on a unix socket with no password file given here:
# access control rests on the socket's filesystem permissions.
management /var/etc/openvpn/server1.sock unix
max-clients 25
push "dhcp-option DNS 172.28.0.1"
push "dhcp-option DNS 172.28.6.13"
# Tells clients to send all traffic through the VPN. No route-gateway or
# server-bridge directive is visible in this listing, so the client has no
# gateway address to apply it to (compare the NOTE in the client log).
push "redirect-gateway def1"
# Client-to-client traffic is forwarded inside OpenVPN and does not pass
# through the host's firewall rules.
client-to-client
ca /var/etc/openvpn/server1.ca
cert /var/etc/openvpn/server1.cert
key /var/etc/openvpn/server1.key
# NOTE(review): the file name suggests 1024-bit DH parameters (confirm);
# 1024-bit groups are below current recommendations (2048 bits or more).
dh /etc/dh-parameters.1024
# Reject client certificates listed in the CRL.
crl-verify /var/etc/openvpn/server1.crl-verify
# HMAC on TLS control-channel packets with a shared static key;
# key direction 0 here pairs with direction 1 in the client config.
tls-auth /var/etc/openvpn/server1.tls-auth 0
# NOTE(review): compression before encryption can leak information about the
# plaintext through ciphertext length (VORACLE-style attacks); later OpenVPN
# releases deprecate this option.
comp-lzo
persist-remote-ip
float
Server ifconfig -a
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
ether 38:60:77:c5:de:51
inet 74.91.109.99 netmask 0xfffffffc broadcast 74.91.109.100
inet6 fe80::3a60:77ff:fec5:de51%re0 prefixlen 64 scopeid 0x1
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:1b:21:b0:86:15
inet 172.28.0.1 netmask 0xffff0000 broadcast 172.28.255.255
inet6 fe80::21b:21ff:feb0:8615%em0 prefixlen 64 scopeid 0x2
inet 172.28.6.13 netmask 0xffffffff broadcast 172.28.6.13
inet 172.28.6.14 netmask 0xffffffff broadcast 172.28.6.14
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pfsync0: flags=0<> metric 0 mtu 1460
syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
pflog0: flags=100<PROMISC> metric 0 mtu 33200
enc0: flags=0<> metric 0 mtu 1536
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 4a:17:42:20:9d:1e
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: ovpns1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 8 priority 128 path cost 2000000
member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 2 priority 128 path cost 2000000
ovpns1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether 00:bd:b8:3e:00:01
inet6 fe80::2bd:b8ff:fe3e:1%ovpns1 prefixlen 64 scopeid 0x8
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
Opened by PID 13857
tun1: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
Server Log
May 23 10:55:29 openvpn[58493]: djackson/75.100.124.99:5892 send_push_reply(): safe_cap=960
May 23 10:55:27 openvpn: user djackson authenticated
May 23 10:55:27 openvpn: : Logged in successfully as djackson via LDAP server Dougs_LDAP with DN = uid=djackson,ou=people,dc=tcsbasys,dc=com.
May 23 10:55:27 openvpn: : Now Searching in server Dougs_LDAP, container ou=people,dc=tcsbasys,dc=com with filter (uid=djackson).
May 23 10:55:27 openvpn: : Now Searching for djackson in directory.
May 23 10:55:26 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=User-ca with depth 0
May 23 10:55:26 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=VPN-ca with depth 1
May 23 10:54:06 openvpn[58493]: djackson/75.100.124.90:5892 send_push_reply(): safe_cap=960
May 23 10:54:05 openvpn: user djackson authenticated
May 23 10:54:05 openvpn: : Logged in successfully as djackson via LDAP server Dougs_LDAP with DN = uid=djackson,ou=people,dc=tcsbasys,dc=com.
May 23 10:54:05 openvpn: : Now Searching in server Dougs_LDAP, container ou=people,dc=tcsbasys,dc=com with filter (uid=djackson).
May 23 10:54:05 openvpn: : Now Searching for djackson in directory.
May 23 10:54:04 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=User-ca with depth 0
May 23 10:54:04 openvpn: Found certificate /C=US/ST=Wisconsin/L=Middleton/O=TCS_Basys/emailAddress=djackson@tcsbays.com/CN=VPN-ca with depth 1
Client Conf
# OpenVPN client profile for the bridged server at 74.91.109.99:1194/udp.

# Layer-2 tap device. No ifconfig directive appears here, so the interface
# address is expected to come from elsewhere (presumably DHCP across the
# bridge, confirm).
dev tap
persist-tun
persist-key
proto udp
# Must match the server's data-channel cipher.
cipher AES-128-CBC
tls-client
# Client mode: pull options pushed by the server.
client
resolv-retry infinite
remote 74.91.109.99 1194
# Server identity check by certificate name only. The client log on this page
# warns about the semantics of this option; later OpenVPN releases replace it
# with verify-x509-name.
# NOTE(review): no remote-cert-tls / key-usage check is visible in this
# listing, so any certificate from the same CA that carries a matching name
# would be accepted as the server.
tls-remote User-ca
# Prompt for username and password at connect time. The client log suggests
# auth-nocache to avoid keeping the password in memory.
auth-user-pass
# Bundle holding the CA certificate, client certificate and private key.
# The client log reports this file as group/other accessible; restrict it to
# the owning user.
pkcs12 pfsense-udp-1194.p12
# Shared control-channel HMAC key; direction 1 pairs with 0 on the server.
# The client log reports this file as group/other accessible as well.
tls-auth pfsense-udp-1194-tls.key 1
comp-lzo
Client Log
nin@Bushi /etc/openvpn $ sudo openvpn --config pfsense-udp-1194.ovpn
[sudo] password for ronin:
Wed May 23 10:39:52 2012 OpenVPN 2.1.0 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Enter Auth Username:djackson
Enter Auth Password:
Wed May 23 10:39:58 2012 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed May 23 10:39:58 2012 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Wed May 23 10:39:58 2012 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed May 23 10:39:58 2012 WARNING: file 'pfsense-udp-1194.p12' is group or others accessible
Wed May 23 10:39:58 2012 /usr/bin/openssl-vulnkey -q -b 2048 -m <modulus omitted>
Wed May 23 10:39:58 2012 WARNING: file 'pfsense-udp-1194-tls.key' is group or others accessible
Wed May 23 10:39:58 2012 Control Channel Authentication: using 'pfsense-udp-1194-tls.key' as a OpenVPN static key file
Wed May 23 10:39:58 2012 LZO compression initialized
Wed May 23 10:39:58 2012 UDPv4 link local (bound): [undef]
Wed May 23 10:39:58 2012 UDPv4 link remote: [AF_INET]74.91.109.99:1194
Wed May 23 10:39:58 2012 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed May 23 10:39:59 2012 [User-ca] Peer Connection Initiated with [AF_INET] 74.91.109.99:1194
Wed May 23 10:40:01 2012 TUN/TAP device tap0 opened
Wed May 23 10:40:01 2012 NOTE: unable to redirect default gateway -- VPN gateway parameter (--route-gateway or --ifconfig) is missing
Wed May 23 10:40:01 2012 Initialization Sequence Completed